Virus eller vad? Konstig dator

[valter]

För ett par dagar sen började min Vista maskin bete sig lite konstigt. Det funkar bra att surfa på nätet och sånt, men så fort jag försöker öppna upp en fil eller en mapp på datorn, så försvinner aktivitetsfältet, och kommer allt som oftast inte tillbaka. Då får man logga ut, för att sen logga in igen. Vid nästa försök att kolla i mappar så upprepas proceduren.

Har nu kört virusrensning med Avast, avinstallerat en massa onödigt trams, och tömt papperskorgen. Kört med CCleaner och Ad-Aware, men ingen skillnad i datorns sätt att bete sig.

Har nu kollat maskinen med HijackThis, här är resultatet:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:19:43, on 2008-07-31

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:Windowssystem32taskeng.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Program FilesAlwil SoftwareAvast4ashDisp.exe

C:Program FilesLaunch ManagerLManager.exe

C:Program FilesCOMODOFirewallcfp.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Program FilesWindows Media Playerwmpnscfg.exe

C:Windowssystem32wbemunsecapp.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Windowssystem32conime.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: (no name) - {9613A000-C0CF-4CEF-B5F7-B5190A939DA1} - C:Windowssystem32opnMebAR.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide

O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe

O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h

O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUSS-1-5-18..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS.DEFAULT..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O8 - Extra context menu item: &Winamp Toolbar Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs:  C:Windowssystem32guard32.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:AcerEmpowering TechnologyeDataSecurityeDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:AcerEmpowering TechnologyeLockServiceeLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:AcerEmpowering TechnologyeNeteNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe

O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:AcerEmpowering TechnologyePowerePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

--

End of file - 10903 bytes

Är mycket tacksam för hjälp, vill om möjligt undvika en ominstallation.

Mvh/ Valter

.....

Fortsättning:

Här är loggen efter en sökning med Malwarebytes:

Malwarebytes' Anti-Malware 1.23

Databasversion: 1010

Windows 6.0.6001 Service Pack 1

00:42:53 2008-07-31

mbam-log-7-31-2008 (00-42-53).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 40448

Förfluten tid: 4 minute(s), 58 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 1

Infekterade registernycklar: 6

Infekterade registervärden: 0

Infekterade registerdataposter: 2

Infekterade mappar: 7

Infekterade filer: 11

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

C:WindowsSystem32opnMebAR.dll (Trojan.Vundo) -> Delete on reboot.

Infekterade registernycklar:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9613a000-c0cf-4cef-b5f7-b5190a939da1} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOTCLSID{9613a000-c0cf-4cef-b5f7-b5190a939da1} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftFCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftRemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESOFTWAREScreensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSANotification Packages (Trojan.Vundo) -> Data: c:windowssystem32opnmebar -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSAAuthentication Packages (Trojan.Vundo) -> Data: c:windowssystem32opnmebar  -> Delete on reboot.

Infekterade mappar:

C:Program FilesScreensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

C:Program FilesScreensavers.comSSSInst (Adware.Comet) -> Quarantined and deleted successfully.

C:Program FilesScreensavers.comSSSInstbin (Adware.Comet) -> Quarantined and deleted successfully.

C:Program FilesScreensavers.comSSSInstReady (Adware.Comet) -> Quarantined and deleted successfully.

C:Program FilesScreensavers.comSSSInsttemp (Adware.Comet) -> Quarantined and deleted successfully.

C:Program FilesScreensavers.comSSSInstUpload (Adware.Comet) -> Quarantined and deleted successfully.

C:Program FilesScreensavers.comWallpaper (Adware.Comet) -> Quarantined and deleted successfully.

Infekterade filer:

C:WindowsSystem32opnMebAR.dll (Trojan.Vundo) -> Delete on reboot.

C:WindowsSystem32RAbeMnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WindowsSystem32RAbeMnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WindowsSystem32efcBrQHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WindowsSystem32yHQrBcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WindowsSystem32yHQrBcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WindowsSystem32pmnnOEWP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WindowsSystem32PWEOnnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:WindowsSystem32PWEOnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:Program FilesScreensavers.comSSSInstbinSSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully.

C:Program FilesScreensavers.comWallpaperswpstart.exe (Adware.Comet) -> Quarantined and deleted successfully.

Redigerad Januari 9, 2009 av Malou
Tråden/Ämnet är låst:

[Gäst Malou]

Hej valter!

Ser att du har en del mystiska filer i systemet som inte hör hemma där. Vi börjar med nedanstående

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet:

Läs/Följ instruktionerna noga:

Hämta hem Malwarebytes Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

1: Spara installationsfilen till skrivbordet

2: För att påbörja installationen dubbelklicka på mbam-setup.exe

3: Bocka för nedanstående

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

4: Klicka på Slutför

Om där finns uppdateringar kommer dessa att installeras.

Då ovanstående är gjort gå vidare med nedanstående procedur:

1: När programmet startar så välj Utför snabb scanning

2: Klicka på knappen Scanna

3: Scanningen kommer nu att ta en stund

3: När programmet scannat klart klicka Ok och sedan Visa resultat

4: Bocka för allt och klicka på Remove Selected

5: Då borttagningen är klar kommer en textfil i Anteckningar att öppnas upp med en logg. Kopiera/klistra in den loggan hit till din tråd.

6: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur den ser ut.

MVH/Malou

[valter]

Ny sökning efter omstart:

Malwarebytes' Anti-Malware 1.23

Databasversion: 1010

Windows 6.0.6001 Service Pack 1

00:58:45 2008-07-31

mbam-log-7-31-2008 (00-58-45).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 40388

Förfluten tid: 4 minute(s), 47 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

-----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:00:12, on 2008-07-31

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:WindowsExplorer.EXE

C:Windowssystem32Dwm.exe

C:Windowssystem32taskeng.exe

C:Program FilesAlwil SoftwareAvast4ashDisp.exe

C:Program FilesLaunch ManagerLManager.exe

C:Program FilesCOMODOFirewallcfp.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Program FilesWindows Media Playerwmpnscfg.exe

C:Windowssystem32wbemunsecapp.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide

O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe

O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h

O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUSS-1-5-18..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS.DEFAULT..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O8 - Extra context menu item: &Winamp Toolbar Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs:  C:Windowssystem32guard32.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:AcerEmpowering TechnologyeDataSecurityeDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:AcerEmpowering TechnologyeLockServiceeLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:AcerEmpowering TechnologyeNeteNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe

O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:AcerEmpowering TechnologyePowerePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

--

End of file - 10774 bytes

[valter]

Hej Malou!

Säger bara en sak, du är min GUD!

Efter rensningen med Anti-Malware så funkar datorn bra igen. Det gick att öppna mappar utan avbrott, gick att kolla efter uppdateringar till Windows, etc.

Så jag är dig evigt tacksam!

Man kan alltså konstatera att CClenear, Ad-Aware och även antivirusprogrammet missade att ta bort vissa filer.

Mvh/ Valter

[Gäst Malou]

Hej valter!

Varsegod och tack för dina vänliga ord

Underbart härligt att höra att datorn mår bättre

Man kan alltså konstatera att CClenear, Ad-Aware och även antivirusprogrammet missade att ta bort vissa filer.

OBS: CCleaner är inget skyddsprogram. Det är ett städverktyg som städar rent i tempmappar (tar bort temporära filer etc...) samt städar bort gamla rester av registernycklar som blivit kvar då man bla har avinstallerat program etc.... Den tar således inte bort virus/trojaner etc.. på det sättet.

Ad-Aware är inte tillförlitligt att använda då den ger F/P (False/Posetive) och sedemera inte hittar/åtgärdar eventuella otyg. Det finns bättre program att använda så som exempelvis Malwarebytes' Anti-Malware/Super Antispyware.

Bertäffande antivirusprogram så kan dessa tyvärr inte hitta allt.

*****************************************************************

Malwarebytes' Anti-Malware  loggan är ren och fin. Mycket bra.

Ang din TM HJT-logga:

Är det du som har installerat => ShowBarObj

C:Windowssystem32ActiveToolBand.dll

http://www.castlecops.com/tk32677-ShowBarObj_Class.html

Ser att du har en äldre version av Javan installerad (en säkerhetsrisk). Den nyare heter Java Runtime Environment (JRE) 6 Update 7.

=> Java Runtime Environment (JRE) 6 Update 7

MVH/Malou

[valter]

Har fixat Java uppdateringen, det andra du skriver om vet jag inte riktigt. ActiveToolBand.dll är inte poppis enligt Google, så jag har förhoppningsvis inte installerat det frivilligt. Hur tar jag bort det?

Kör jag med Anti-Malware så är den loggan ren och fin.

Mvh/ Valter

[Gäst Malou]

Hej Valter!

Gör en ny TM HJT-logga så fixar vi denna Toolbar den vägen 

MVH/Malou

[valter]

OK. Här kommer nya loggen.

----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:37:07, on 2008-08-01

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Program FilesAlwil SoftwareAvast4ashDisp.exe

C:Program FilesLaunch ManagerLManager.exe

C:Program FilesCOMODOFirewallcfp.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesJavajre1.6.0_07binjusched.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Program FilesWindows Media Playerwmpnscfg.exe

C:Windowssystem32taskeng.exe

C:Program FilesWindows Sidebarsidebar.exe

C:WindowsSystem32mobsync.exe

C:Windowssystem32wbemunsecapp.exe

C:Program FilesWindows MailWinMail.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide

O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe

O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h

O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUSS-1-5-18..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS.DEFAULT..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O8 - Extra context menu item: &Winamp Toolbar Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs:  C:Windowssystem32guard32.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:AcerEmpowering TechnologyeDataSecurityeDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:AcerEmpowering TechnologyeLockServiceeLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:AcerEmpowering TechnologyeNeteNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe

O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:AcerEmpowering TechnologyePowerePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

--

End of file - 10764 bytes

Kan ej hitta filen genom att gå in i Windows/System32 mappen

Mvh/ Valter

[Gäst Malou]

Hej valter!

Vi provar med nedanstående 

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet:

Läs/Följ Instruktionerna mycket noga

Öppna TM HJT => klicka på Do a system scan only-knappen => Bocka för nedanstående detaljer => Stäng ner Webbläsaren => klicka på Fix Checked-knappen:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll

Då du gjort ovanstående:

Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge):

För att hitta det du nu skall leta upp gör nedanstående:

Ställ in Utforskaren så du kan se alla filer:

1: I verktygsfältet klicka på => Verktyg => Mappalternativ

2: Välj fliken => Visning sätt en bock i => Visa dolda filer och mappar

3: Avbocka Dölj filnamnstillägg för kända filtyper

4: Avbocka Dölj skyddade operativsystemfiler

Sök/Leta reda på:

Navigera dig fram enligt nedanstående sökväg och deleta filen

C:Windowssystem32ActiveToolBand.dll<=Deleta filen om den hittas:

Vidare:

Fortfarande felsäkert läge:

Gå till Start => Kör => Skriv sen i Kör fältet cleanmgr => Klicka  Ok-knappen

Bocka i de här nedanstående och putsa bort dom

Temporary Files

Temporary Internet Files

Recycle Bin

Nu:

Starta om datorn till normalläge igen:

1: Uppdatera Malwarebytes' Anti-Malware

2: Gör en ny scanning med Malwarebytes' Anti-Malware.

3: Kopiera in loggan du får fram från Malwarebytes'

4: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur det ser ut.

5: Berätta/Tala om hur datorn mår och om där kvarstår problem.

MVH/Malou

[valter]

Hej igen!

Här kommer de olika loggarna:

---------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.24

Databasversion: 1015

Windows 6.0.6001 Service Pack 1

00:40:02 2008-08-02

mbam-log-8-2-2008 (00-40-02).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 40533

Förfluten tid: 4 minute(s), 41 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

--------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:42:57, on 2008-08-02

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Windowssystem32taskeng.exe

C:Program FilesAlwil SoftwareAvast4ashDisp.exe

C:Program FilesLaunch ManagerLManager.exe

C:Program FilesCOMODOFirewallcfp.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Windowssystem32wbemunsecapp.exe

C:Program FilesWindows Media Playerwmpnscfg.exe

C:Program FilesMalwarebytes' Anti-Malwarembam.exe

C:Windowssystem32NOTEPAD.EXE

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide

O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe

O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h

O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUSS-1-5-18..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS.DEFAULT..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O8 - Extra context menu item: &Winamp Toolbar Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html

O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs:  C:Windowssystem32guard32.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:AcerEmpowering TechnologyeDataSecurityeDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:AcerEmpowering TechnologyeLockServiceeLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:AcerEmpowering TechnologyeNeteNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe

O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe

O23 - Service: ePower Service (WMIService) - acer - C:AcerEmpowering TechnologyePowerePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

--

End of file - 10435 bytes

---------------------------------------------------------------------------

Filen gick ej att hitta i felsäkert läge under Windowsmappen. Och datorn tycks må alldeles prima för tillfället! Tusen tack igen!

Mvh/ Valter

[Gäst Malou]

Hej valter!

Varsegod och tack själv för att vi fick hjälpa 

Filen gick ej att hitta i felsäkert läge under Windowsmappen. Och datorn tycks må alldeles prima för tillfället!

Helt ok om den inte hittades. Brukar ta med den proceduren för att säkerställa att den är borta 

Underbart härligt att höra att datorn mår bra!

Malwarebytes' Anti-Malware loggan är ren och fin som den skall vara. Mycket bra 

TM HJT-loggan ser ren och fin ut även den. Kan inte hitta några otrevligheter eller andra konstigheter i den längre. Du har gjort ett mycket bra jobb 

Gå till kontrollpanelen lägg till/ta bort och kontrollera så du inte har några äldre Javaversioner installerade. Om du har så aviinstallera dessa. Den nyare heter Java Runtime Environment (JRE) 6 Update 7 och den skall du behålla 

Här kommer de sedvanliga råden och tipsen:

Hämta hem/installera alla säkerhetsuppdateringar/patchar m.m.

Hämta hem/installera SP1/SP3 för det Operativsystem som används (Windows XP/Windows Vista).

Allt hittas på nedanstående sida där det även finns Lite Tips & Råd för en säkrare dator:

=>Lite Tips & Råd för en säkrare dator:

MVH/Malou

[valter]

Hej!

Alla tidigare varianter av Java har tagits bort manuellt vid installation av den senaste. Kör med SP1 på denna Vista Ultimate dator, och SP3 på min stationära med XP. Problemen började för ett par veckor sedan, när jag försökte låsa upp GPS kartan i datorn. Jag testade säkert två dygn utan framgång, trotts att kartan är en original Garmin DVD, som Garmin skickat till mig. När jag tröttnade så sökte jag efter en "key-generator" på nätet.... resten är historia.

Men tack vare dina enastående kunskaper och tålamod, så mår min dator (och jag själv för den delen) mycket bättre.

Tusen tack!

Mvh/ Valter

[Gäst Malou]

Hej Valter!

Varsegod och tack själv för att vi fick hjälpa samt för dina vänliga ord  Underbart härligt att höra att både du och din dator mår bra 

När jag tröttnade så sökte jag efter en "key-generator" på nätet.... resten är historia.

Inte helt omöjligt att denna har dragit med sig otyg in i datorn.

Alla tidigare varianter av Java har tagits bort manuellt vid installation av den senaste. Kör med SP1 på denna Vista Ultimate dator, och SP3 på min stationära med XP.

Mycket bra att du avinstallerat äldre versioner av Javan  Att du har SP1 installerat i din Vista ser jag  men tar alltid med allt för att inget skall missas 

Ha det så bra och var rädd om datorn!

MVH/Malou